Insights Access

Two-factor authentication

ControlUp Insights can be configured to send a secondary authentication code whenever a user provides a valid email / password combination on the sign-in page of the ControlUp Insights portal. The objective of this code is to enhance sign-in security by offering proof that the user attempting to sign into ControlUp Insights is indeed the legitimate owner of the user account. This option is disabled by default, which means that two-factor authentication is not required to sign in.

When this option is enabled, ControlUp servers will send a numeric authentication code to the email address activated by the user after creating their ControlUp user account. Optionally, the secondary authentication code can also be delivered by using a mobile push notification to any mobile device on which ControlUp Mobile App was downloaded and activated.

Portal sign-on restrictions

This section allows you to configure two additional restrictions that are intended to enhance the security of ControlUp Insights sign-in process.

One restriction is a list of email address suffixes (email domains), which can be validated to ensure that portal sign-in is granted exclusively to users who own a corporate email account. When used in tandem with two-factor authentication, this option further enhances the security of ControlUp Insights sign-in by performing this verification every time a user signs into the portal.

The second restriction is a list of source IP addresses against which ControlUp servers will validate the source public IP address from which ControlUp Insights portal is accessed. This option can be used in order to ensure that ControlUp Insights is always accessed from legitimate corporate locations.

Single sign-on for Insights Access

This mechanism is used to leverage your existing ControlUp credentials to sign you on automatically, without the need to provide a username and password. Single Sign-On is activated when the ControlUp Insights button on the Home ribbon is clicked. This setting allows for disabling the Single Sign-On mechanism and requiring all users to provide a valid email and password when signing in.